FCC Chairman Brendan Carr has announced the creation of a new Council on National Security within the agency, which he says aims at strengthening US defenses against foreign technology threats — particularly those from China. According to the FCC, the…
Tag: Information Security Buzz
The API Security Illusion: IT Leaders May Be Overconfident
As APIs become more integral to both everyday digital services and complex AI systems, concerns over their security are growing — and not without good reason. APIs are the connective tissue of modern software, but without strong governance, they can…
Insight Into Reliaquest’s Critical Cyber Threats to Hospitality and Recreation Report
The latest threat landscape report from ReliaQuest has unearthed some concerning findings regarding the critical threats faced by the hospitality and recreation sector. These include identifying a 43% increase in ransomware attacks, the discovery that 44% of phishing emails contained…
GitHub Leak Puts Software Supply Chains at Risk: Thousands of Secrets Exposed
Over 23,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action, say researchers at StepSecurity. GitHub Actions is a CI/CD service that allows developers to automate software builds and testing. Workflows run in response to…
Massive RSA Encryption Flaw Exposes Millions of IoT Devices to Attack
A major security flaw has been found in RSA encryption keys used across the internet. Researchers discovered that about one in 172 online certificates are at risk due to a mathematical weakness. The issue mainly affects Internet of Things (IoT)…
How Security Teams Should Respond to the Rise in Vulnerability Disclosures
In 2024, vulnerability disclosures hit an all-time high, with over 30,000 vulnerabilities recorded in the National Vulnerability Database (NVD). Unfortunately, we can expect these numbers to continue rising as the use of open source, GenAI, and software overall is ever-growing.…
DeepSeek Can Be Abused to Create Malware
In a recent investigation, Tenable researchers explored how DeepSeek, a large language model (LLM) built by a Chinese company, can be exploited to generate malware, including keyloggers and ransomware, despite its initial refusal to engage in harmful activities. Unlike popular…
Microsoft Uncovers New XCSSET macOS Malware Variant Targeting Xcode Projects
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that targets Xcode projects. The malware was found in the wild during routine threat hunting and is the first known XCSSET variant to surface since…
Volt Typhoon Found Inside Massachusetts Electric Utility for Nearly a Year
Industrial cybersecurity firm Dragos has revealed that a small electric and water utility in Massachusetts was breached by a sophisticated Chinese Advanced Persistent Threat (APT) group for over 300 days. The attack targeted Littleton Electric Light and Water Departments (LELWD),…
OpenAI Pushes for Federal-Only AI Regulation
OpenAI has officially called on US lawmakers to exempt it from complying with state-level AI regulations, instead urging a unified approach under federal AI rules. It argues that a consistent, nationwide framework is critical to maintain US leadership in AI…